----- Original Message ----- From: "Davanum Srinivas" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 30, 2002 3:57 PM Subject: Re: DO NOT REPLY [Bug 14105] New: - axis is vulnerable to XXE
> Steve, > > See http://marc.theaimsgroup.com/?l=axis-dev&m=103601859604566&w=2 for my fixes and test cases. > > Thanks, > dims > ahh. all is well. The problem I had in the past was that our service was rendering SVG, and was vulnerable to xlink:href paths, and the actual (native) code that did the rendering wasnt ours. We had to clean up the XML before it went in, which is harder than you'd think.
